Back to reports
Report 2 of 2024

ICT asset management

ICT reviews
Published
ICT asset management thumbnail

Audit snapshot

What we reviewed and why

The increasing complexity of ICT environments and risk of cyber security threats reinforces the need for agencies to have clear visibility and understanding of their ICT assets. To protect these assets and meet the requirements of the South Australian Cyber Security Framework, all agencies need to establish and maintain ICT asset management controls.

We reviewed the ICT asset management controls applied by six SA Government agencies from a variety of sectors. 

What we found

We had no major concerns with the ICT asset management practices of the agencies we reviewed. Their controls varied, and we did identify some areas to improve.  Our key findings included: 

  • ICT asset scanning and discovery discrepancies
  • gaps in documented ICT asset management procedures
  • inconsistent management of ICT assets
  • gaps in documented ownership and classification of ICT assets
  • a lack of periodic review and monitoring of ICT assets
  • gaps in ICT asset sanitisation and disposal. 

Good ICT asset management controls

ICT-asset-management--key-fact-1---update-4

Documented procedures for onboarding, managing and offboarding ICT assets

ICT-asset-management--key-fact-2---update-4

Vendor service monitoring arrangements

ICT-asset-management--key-fact-3---update-4

Well maintained centralised ICT asset registers, with owners and classifications listed

ICT-asset-management--key-fact-4---update-4

Documented procedures for monitoring ICT asset sanitisation and destruction

Stay informed about our work

We’ll notify you when new reports are published.